WorkdayYale Workday Impacted Systems Forum People Hub November

Workday@Yale Workday Impacted Systems Forum People. Hub November 21, 2016

Workday@Yale Objectives § Workday impacted system owners understand what you need to do to retain access to People data for your integrations. Agenda § The new People Hub § Reference Data Architecture § Current State § Ways to Access People Data § Target Dates -2 -

Workday@Yale What is the People Hub? The People Hub is a new data repository of data about People that is being delivered with Workday Release 4. People Hub will be the primary source of data about People going forward. Key differences between the People Hub and Identity Data Repository (IDR): § The People Hub includes additional data attributes from Workday and from the new Sponsored Identity system § The People Hub includes data for terminated people § The People Hub provides multiple data sets: § A consolidated one-row-person data set, similar to IDR § Several multiple rows-person data sets, including Academic Appointments § The People Hub includes historical data § Neither the People Hub nor IDR include significant data about Alumni -3 -

Why introduce the People Hub? Workday@Yale Our future state data architecture design needs to be flexible, scalable and same time maintain a good custody of Yale’s data asset § IAM/IDR was created for Identity Management Purpose so it’s updated frequently, has current snapshot only data, limited identity related data attributes and only contains primary assignment information § An Enterprise Integration Platform (People Hub is one component in it) is being developed to facilitate the need to integrate data from multiple sources before the data is published to the service layer for down stream system consumption § Service Oriented Architecture will help us provide an abstraction layer to consuming systems, which eases remediation cost with future changes to underlying data / systems § Develop a modern data model with a set of detail oriented, historical tracking and uniquely linked tables for maximum scalability and flexibility -4 -

Conceptual Workday Data Architecture Data Services Providers SI Darcy Banner Other Systems FAMIS Web Services, Data files, Database Views IAM/IDR Institutional Data Store Location Hub Courses Hub ……. . Archive Data DWH Subject Matter Marts HR PCARD Facilities SRT Other RE ITS Billing Other ? Data access control Oversight: • Org. Structure • Policies and Procedures Stewardship • Requirements • Data Definition • Rules Data Services Layer Data Governance -5 - Data Services Consumers …… Workday People Hub Workday@Yale Management • Lifecycle Mgmt. • Security • Data Quality • Access Applications Websites Other Cloud Based Apps. Compliance • Monitor • Audit • Report

Workday@Yale People Hub – Current State Many new data patterns are discovered as we bring the data together. It established strong foundation for our data governance program. Total Data Elements in People Hub: Test Release 2(November 1’st 2016): 339 • Number of Hubs: 13 • Number of Links: 16 • Number of Satellite Tables: 31 HUBS links SATELLITES Unique list of Business Keys Unique list of Relationships across Keys Descriptive Data • Number of Integration Views: 8 View Names in People Hub: YUPH_PEOPLE_GENERAL_CUR_RSET_V YUPH_ACADEMIC_APPT_CUR_RSET_V YUPH_POSITIONS_CUR_RSET_V YUPH_ENROLLMENT_CUR_RSET_V YUPH_COST_CENTER_FLAT_V YUPH_COST_CENTER_HIER_V YUPH_ACADEMIC_UNIT_FLAT_V YUPH_SUPERVISORY_ORG_FLAT_V Test Release 1: • 247 from Workday • 76 from IDR • ABAC Security in implemented on top of People Hub. • Service accounts are used to restricted data access. Test Release 2 (November 1’st 2016): • Added Yale Relationship attribute • Added Sponsored Identity attributes • Added new Name fields (Reporting names) from IDR • Added Future workers • 8 Additional fields from Workday Test Release 3 (November 21’st 2016): • Incremental Loads • Standardization of Attributes (Ex. Gender, Marital Status, Phone Number) -6 -

Workday@Yale People Hub and ISR 107 systems flagged needing people data in ISR inventory sheet 70 systems needing People Hub access (31 organizations) 44 systems with Access Request in queue (attended clinic 3, have access or approved access or requested access 41) 25 existing IDR integrations will be pointed to People Hub as the data source for remediation purpose -7 -

Workday@Yale Request Process Submittal of Access Request Form Pre. Approval Limited Review & Approval Full Review & Approval Non-student data Student data Controlled-Basic Controlled. Extended Risk Management For Workday Requests -8 - (high risk) All Affiliations Limited Restricted People Hub Security Setup and Integration (Vendor Agreements and Security Assessments)

People Hub Request Form Workday@Yale For Workday System Remediation: Where is form located? Workday. yale. edu => Impacted Systems => People Data Information Section => People Attribute Release Form for Workday System Remediation -9 -

People Data Groupings (refer to request form for all attributes within group) Grouping Description Workday@Yale Examples of Data Access Control for Workday R 4 System Remediation Unauthorized disclosure, alteration or destruction would result in little or no risk to the University and its affiliates, with the exception of Net. ID. • Faculty/Staff Directory • Student FERPA Directory (subset) • UPI • Yale Email • Net. ID – viewable only by people with a valid Net. ID, or in service of external authentication (e. g. , CAS, Shibboleth) • Display Name • edu. Person Affiliation(s) or Role(s) • Department • Job Title • Work Phone • Primary Enrollment Status • Primary Graduate Degree Department Limited Unauthorized disclosure, alteration or destruction could result in a moderate level of risk to the University or its affiliates. • Student FERPA Protected • Protected by University policy • Net. ID – viewable by people without a valid Net. ID for a purpose other than external authentication • Pay Group • Pay Rate Type • Continuous Service Date • FTE • Hire Date • Student Leave Status • Obtain approval from data owners for every access request Restricted Unauthorized disclosure, alteration or destruction of that data could be misused by a criminal or data that are considered Sensitive. • Student FERPA Protected • Protected by University policy • • Obtain approval from data owners for every access request Controlled National Identifier (SSN) Date of Birth Date of Death Prox Number Home Address Gender - 10 - • Student data minimal review – This group can be approved for student data after FERPA Legitimate Educational Interest is verified. • All other populations are preapproved for access requests

Application Access to People Data / Hub - 11 - Workday@Yale

Workday@Yale People Hub Services Ready for Consumption: • People. Service V 1. 0 – People. Service contains a subset of available People Hub data attributes that are most commonly used by downstream applications. - Response is controlled by the security applied to the People Hub as well as request parameters passed, which can filter the desired population or response data set. - Service should be used for consuming multiple records/rows (batches of data) for applications. • Searchby. Individual V 1. 0 – The Searchby. Individual service will return the full response data set available via the People. Service. - GET request for either 1 individual if searching by Net. Id/UPI/Mag Stripe Number/Prox Number - Smaller subset if searching by name parameters. New Services/Changes to Existing Services: • If the existing services do not meet the needs of the consuming application a new service may be built or an existing service may be revised and versioned. • Versioning - Minor changes (i. e. single field added to response) will be tracked as V 1. 1. Major changes (i. e. change to request parameters) will be tracked as V 2. 0. • Search by Individual Limited Response – same GET request, but smaller response data set - 12 -

Workday@Yale People Hub Services Service Provider Expectations: • Provide the service contract artifact which defines the required request parameters and expected response data. • Grant access to the People Hub via a service account using a standardized naming convention. • Maintain a public repository for technical guidelines/artifacts https: //isa. its. yale. edu/confluence/display/BASP/BSG+Application+Services+Public+Hom e • Monitor availability and performance of available services • Communicate minor and major changes to existing services and new services available Service Consumer Expectations: • Consumption of services will need to adhere to the service contract • Follow established data governance processes to gain access to the People Hub. • Provide technical and functional contact information • Collaborate with IAM and BSG to determine the appropriate service account(s) needed. • Communicate issues/challenges with existing services and ideas for changes or new services. - 13 -

Workday@Yale ODBC / JDBC Integration ODBC and JDBC are supported through the use of integration views, which are secured to expose approved data attributes and populations § Integration views are developed § The views are: ‒ People General: contains one row person, and includes demographic, identifier, status, affiliation, contact, position, academic appointment, and student enrollment attributes ‒ Academic Appointment ‒ Position ‒ Student Enrollment ‒ Hierarchies for Cost Center, Academic Unit, and Supervisory Org - 14 -

Workday@Yale People Hub Target Dates 2016 Topic Changes to People Data Notes Jun 2017 Jul Aug Sep Dec Jan Feb Mar Apr May Jun Jul Aug Mapping rules published Attend workshops to complete and submit Data Access Request Forms Populating the People Hub with Data Using the People Hub: ODBC/JDBC (Contingency) Nov Additional data elements added to mapping rules as needed Getting Request form and process Access specific to Workday to Production system remediation Data Using the People Hub: Web Services (Preferred) Oct Workshops continue if needed Test Data Tentative Production Tentative Production Include Sponsored Identity attributes Initial web service expected to meet 80% of needs. Expect to provide additional web services. Initial Web Service Available Publish description of Will accelerate initial web service availability if possible Integration Views Available Publish Test integration views view design Tested views - 15 - Last updated 08/02/16

1 6 Draft We are he re Roadmap Q 1 FY 17 Test Release 1 People Hub Q 2 FY 17 Workday@Yale Q 3 FY 17 Q 4 FY 17 Q 1 FY 18 For pilot systems: YBT, Facilities, IRES, SIS, Message III, Law School Test Release 2 Monthly Test Releases Production Release 1 People Data Attributes Grouping and Access Forms All access forms reviewed and approved HCM/Academic DM RE DM PCARD DM Data Marts Facilities DM ITS Billing DM Data Security Solutions New ABAC solution – backend Maintain YAS Wizard New ABAC solution frontend Attribute Based Access Control Develop manual scripts to maintain YAS value post go live - 16 -

Workday@Yale Q&A • Questions? • Concerns? • Didn’t cover it today? • Contact us at workday@yale. edu - 17 -